Snyk Validation Integration

By combining Snyk SAST and Bright DAST, users can more comprehensively validate their Snyk SAST issues. This approach reduces false positives and improves the reliability of vulnerability assessments, providing a more robust and trustworthy experience.

This is how the Snyk integration works:

  1. Bright continuously reviews all Snyk SAST issues
  2. The Bright integration identifies a test for each Snyk issue
  3. A list of tests is collected for each project
  4. The Bright app runs selected tests and provides a list of validated issues
  5. Each Bright issue is linked with a corresponding Snyk SAST issue


  • Created a project in Snyk using an Org Admin service account
  • Obtained Snyk organization ID and API key (token)

Step-by-step guide

  1. Open the Organization page → Integration section

  2. Select the SnykSettings

  3. Provide Snyk organization ID and organization API key and click Connect

  4. Create a project and select permissions: ProjectsCreate project → Type the project name and select groups that can access this project → click Create



    One Bright project can be connected with one Snyk project only. For more integrations new projects should be created.

  5. Open the Project pageIntegration SettingsAdd integration

  6. Select a Snyk project, associate a Repository and click Save

  7. Configure Issue Severity:

    • Minimal severity - select from Critical, High, Medium, Low, None options. For example, when choosing High, you will only get Critical and High severity issues.
    • Minimal Snyk Score to validate - use this field to filter issues imported to Bright. For example, when selecting 750, you will get only those above this score.
  8. Open the Scans page → Create a new scan, select the project created earlier and click Start Scan

The Snyk project contains a list of tests to perform; manual test selection will be unavailable.

How to review performed tests

To see a list of tests provided by the Snyk project, do the following:

  • Open the Scans page → select a scan
  • click the Configuration tab and scroll down to Tests to run

Scan results

After the tests are completed, a scan page will display a list of issues found. To view a brief, point at the i symbol next to the project name:

  • SAST vulnerabilities: all vulnerabilities imported from the Snyk SAST project
  • Validated by Bright: number of Snyk vulnerabilities tested by the Bright DAST
  • Bright finding: Snyk vulnerabilities found by the Bright DAS

To look deeper at the scan results, open the Snyk Vulnerabilities tab. You can filter the results and adjust the table. To open a vulnerability in your Snyk project, click on the title, and a new tab will appear. To open an issue on your Bright project, click on the item in the Bright finding column.